KnujOn Updates Top 10 Spam-Friendly Registrars List

alphadogg writes "Some companies are more popular than others for spammers wanting to register their domain names. Spam-fighting organization KnujOn has updated its report on the top 10 registrars whose customers are linked to spam and other illicit activity. (We discussed the original report last year.) These 10 companies registered 83% of the domains spammed in KnujOn's sample of spam between June and January. KnujOn found that some companies have cleaned up their act in recent months and that others — most surprisingly, Network Solutions and GoDaddy sister company Wild West domains — have popped up on the list. At the top of KnujOn's list, for the second time in a row, is Xinnet.com, a Chinese registrar linked to more than 3 million spam messages. KnujOn recommends that ICANN threaten to pull Xinnet's accreditation, as it did for some of the offenders on the previous list."

Blacklisting registrars

Is there any easy, automated mechanism to find out who the registrar of a domain is? This information could be very useful to spam filters and RBLs based on registrar could then exist.

WHOIS doesn't count, as it's not designed for mass querying.

If there isn't such a mechanism, I think that it could be a very useful thing that ICANN could do.

Re:Blacklisting registrars

[MightyYar]

I don't need my personal email suddenly being marked as spam on accident because my domains are through one of those registars.

I don't think it would work like that... this isn't a list of where the spam comes from... that is presumably bot nets. This is a list of what domains are being advertised in the spam. So, you'd look up the registrar of each domain mentioned in an email. If the registrar is a big spammer, you'd give them a few extra points toward their spam score. Wild West wouldn't get too much of a penalty, since only 0.36% of their domains are spamvertised. On the other hand, anything mentioning a "Planet Online" domain is much more likely to be a spam message... a whopping 39% of their domains have been spammed.

The only way this would harm you is if you send out bulk email to your customers, they are somewhat spam-like, and they don't have you whitelisted.

Re:It's Not the Registrars, it's the System

[MightyYar]

Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse.

They can have an automated call-back system like my bank does... that way even if the credit card they are using is stolen, they'd still have to provide a phone number each time they register a domain.

It would be trivial to track purchasing behavior based on phone numbers, and this would force spammers to somehow get access to a new phone number each time... raising their cost somewhat.

eNom and their safe harbour wikipedia page

I attempted over the last year to document much of eNom's complicit nature towards their spammer customers, using verifiable independent references on wikipedia.

However, Demand Media's PR person eventually arrived on the scene and started rewriting the page, whitewashing and massaging references to spam and the stats as their pertain to their top-tier status on the URIBL, etc.

Said PR person also added all kinds of fluffy corporate marketing garbage such as an "awards and accreditations" section.

To make matters worse they have a couple Wiki admin buddies that let them have the final say on the white washed version. The original IP address of their corporate cleaner (goes by Thirdbeach) is an IP address at Demand Media.

Scum.